Open Request Legend of Slime : Idle RPG

[jacob42]

If your phone rooted then i will upload the steps how to do in game guardian. Leave that guy he's advertising xD

Hmm, I wonder if you were able to do that (but not other things) because some functions in the code I dumped appear to use protected/hidden values. I think the chicken's stats may not use those same protected structures. But, when I tried and edit them by searching for the values directly, I had no luck since I would always isolate one address for a stat as I searched/refined search, but then it would change itself to some negative number and not actually be the stat anymore(changing it did nothing, or was only visual). Did you just do something like that, or did you use the offsets from a dump to mod it?

Update:
I've tried hooking the getter/setter functions with Frida, but the process is protected and will either use the anti-cheat called "Liapp" to detect tampering and force close the application or prevent attaching if it's already launched. I also tried developing a mod menu using the functions to hook, but recompiling the .apk also triggers Liapp detection, so the app crashes on launch. If you were able to do it just with Game Guardian alone, I'm gonna feel pretty dumb for how much time and research I've spent on this. Then again, it was for fun, but it's still very frustrating to not know what I'm missing lol

 

[1hit999]

So I've been trying to crack this game for a few days now with no luck. Initially, I couldn't even dump the game since the metadata is encrypted (oddly, the libil2cpp.so is not encrypted). The game is very good at obfuscating the metadata on-demand, and it requires VERY precise timing to get the raw metadata from a dump. However, I did manage to do it and have been poking around in IDA/DnSPY, but this game uses a lot of getter/setter methods that result in quite complicated ARM64 functions. I've attached the Il2CppDump files here for FREE (not paid, smh) Legend of Slime – Google Drive (including the .DLLs, the dump.cs, and the script.json for IDA/Ghidra) if anyone wants to take a look at the decompiled functions. However, when I recompiled/resigned the APK with EasyAPKtool, even when I didn't modify anything, the app immediately crashes. I'm assuming a form of signature verification. If anyone knows how to bypass this, that would be very helpful, since I haven't even been able to test any ARM64 modifications on the libil2cpp.so because of this crashing either.

I actually am on iOS, but I don't have a jailbroken device to dump the game (on iOS, the libil2cpp.so is encrypted, but the metadata isn't... the opposite of Android). So, that's why I was using WSA on my laptop to emulate the game so I could use the dumped script.json from Android on the libil2cpp.so for iOS in IDA. It worked, but I still have no idea what I should be editing. I don't care which platform I'm using, since I can just port my save data from ANdroid -> iOS in the game itself, but I can't get past this barrier on Android. I haven't tried patching iOS yet (I can easily sideload it, but I anticipate another signature verification BS), but I might try that next.

where is dump.cs ? i can't see it.

 

[jacob42]

where is dump.cs ? i can't see it.

Woops! I forgot to include that--thank you for the reminder. Check now, I uploaded it!

 

[1hit999]

Woops! I forgot to include that--thank you for the reminder. Check now, I uploaded it!

thank, i'll try make end game mode :)) can you teach me how dump file when metadata is encrypt :))

 

[jacob42]

thank, i'll try make end game mode :)) can you teach me how dump file when metadata is encrypt :))

Good luck. If you're going for assembly/IDA/Ghidra/hex modifications, DnSpy will help a lot and the IDA/ghidra scripts to use the dump to name the functoins. If you're going for hooks, then you'll either want physical android device (ARM64) or genymotion on amazon web services (ARM64). Since windows subsystem for android, bluestacks, nox, android studio, etc. are x64/x86 and emulate ARM64, so you can't access libil2cpp.so at runtime unless you use a physical device or genymotion ARM64. App uses protection "Liapp" and will crash on launch.

For metadata, it doesn't depend on ARM64, so any emulaltor would work. Quite simple, mostly luck. Start game guardian. Start game. Go to the metadata address in GG (gotten from a dump, should usually be similar every time) to get a feeling for what the encypted metadata looks like. Now, force quit game and restart it. Minimize game/switch apps if on physical device right before or as the black screen comes up when it launches. Usually only giving it a few seconds or less to run. Then check the usual address in GG for the metadata. It will either be the same thing as before (encypted), and means u need to restart. If it's different, voila. Dump the addresses now. The real metadata is usually a tiny bit down from the usual encypted metadata address. It's all about timing. But you don't need to do that since I dumped it already (I can give u the metadata file if u really want it). But, hopefully someone finds this useful in the future for other games.

 

[GameOfDice]

Hmm, I wonder if you were able to do that (but not other things) because some functions in the code I dumped appear to use protected/hidden values. I think the chicken's stats may not use those same protected structures. But, when I tried and edit them by searching for the values directly, I had no luck since I would always isolate one address for a stat as I searched/refined search, but then it would change itself to some negative number and not actually be the stat anymore(changing it did nothing, or was only visual). Did you just do something like that, or did you use the offsets from a dump to mod it?

Update:
I've tried hooking the getter/setter functions with Frida, but the process is protected and will either use the anti-cheat called "Liapp" to detect tampering and force close the application or prevent attaching if it's already launched. I also tried developing a mod menu using the functions to hook, but recompiling the .apk also triggers Liapp detection, so the app crashes on launch. If you were able to do it just with Game Guardian alone, I'm gonna feel pretty dumb for how much time and research I've spent on this. Then again, it was for fun, but it's still very frustrating to not know what I'm missing lol

I'm not using dump method. Only gg + disable anticheat directly through the codes

 

[jacob42]

I'm not using dump method. Only gg + disable anticheat directly through the codes

How are you doing it then? The traditional way of search for level in memory, level up once so value changes, then refine search in memory until you find address? Cause that doesn’t do anything for me. Can you explain in more detail or post a vid pls? Thank.

 

[Plyno]

Up

 

[1hit999]

will pay 1k usd for teach to mod slime, game guardian or cheatengine alternative with memu

still validated ? i can hack this with game guardian.

 

[jacob42]

still validated ? i can hack this with game guardian.

Dang, you too now? How'd you do it with GG? Why tf am I the only one whose numbers don't stick when I change them lol.

 

[Keysurfer]

Up

 

[1hit999]

Dang, you too now? How'd you do it with GG? Why tf am I the only one whose numbers don't stick when I change them lol.

because you change the fake value - value for text show

 

[1hit999]

Dang, you too now? How'd you do it with GG? Why tf am I the only one whose numbers don't stick when I change them lol.

they create some "same vale", but only one is real for use. Any increase or decrease the real value, another value will increase or decrease same amount !!
I can't tell more, because it's a secret.

 

[GameOfDice]

How are you doing it then? The traditional way of search for level in memory, level up once so value changes, then refine search in memory until you find address? Cause that doesn’t do anything for me. Can you explain in more detail or post a vid pls? Thank.

Chk Pm

 

[GameOfDice]

they create some "same vale", but only one is real for use. Any increase or decrease the real value, another value will increase or decrease same amount !!
I can't tell more, because it's a secret.

it's not a secret :/ sharing knowledge is a free thing. I dont know about dump process even though many tools there. Some games are non modable by modders can do via gg ( not all but some server sided games including currency )

 

[1hit999]

it's not a secret :/ sharing knowledge is a free thing. I dont know about dump process even though many tools there. Some games are non modable by modders can do via gg ( not all but some server sided games including currency )

all game hack by gg, can be hack by modder, and opposite :)

 

[jacob42]

all game hack by gg, can be hack by modder, and opposite :)

I don't know what was so "secret," especially after I shared with you how I was able to decrypt and dump the metadata, you'd think you'd want to reciprocate no? Don't gotta be like that.. And, no, that's not true at all. This games uses a very advanced protection called Liapp. Look it up everyone says it's the toughest one in the industry to beat. Editing values in memory can still be easier than actual modding because memory values are displayed as they are. As long as you can locate the right value, you're set, whereas the game's functions themselves are obfuscated and the game tries to make it impossible for any modifications to the source code or injectables like Frida through Liapp.

 

[nemesis13255]

Up

 

[IDeathKai]

I don't know what was so "secret," especially after I shared with you how I was able to decrypt and dump the metadata, you'd think you'd want to reciprocate no? Don't gotta be like that.. And, no, that's not true at all. This games uses a very advanced protection called Liapp. Look it up everyone says it's the toughest one in the industry to beat. Editing values in memory can still be easier than actual modding because memory values are displayed as they are. As long as you can locate the right value, you're set, whereas the game's functions themselves are obfuscated and the game tries to make it impossible for any modifications to the source code or injectables like Frida through Liapp.

It's actually pretty easy to bypass

 

[maojosh622]

up